Memory Access Vulnerability in Microsoft Java Implementation in Internet Explorer
CVE-2002-1289

Currently unrated

Key Information:

Vendor: Microsoft
Status: Java Virtual Machine
Vendor: CVE Published:; 29 November 2002

Summary

The Microsoft Java implementation in Internet Explorer features a vulnerability that permits remote attackers to read restricted process memory and potentially execute arbitrary code. The exploit occurs via the 'getNativeServices' function, which instantiates the 'com.ms.awt.peer.INativeServices' class. Notably, the methods within this class fail to validate memory addresses passed as parameters, leading to unauthorized memory access and resulting in a denial of service through application crashes.

References

http://marc.info/?l=ntbugtraq&m=103684360031565&w=2

mailing-listx_refsource_NTBUGTRAQ

http://www.iss.net/security_center/static/10582.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/6140

vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 29, 2002
Vulnerability Reserved
Nov 13, 2002